Nearly 65% of IT leaders struggle to enforce corporate security policies.
Security professionals are no longer worried about the security of the cloud itself, nor their ability to set up secure policies on Day 1. It is enforcing security on Day 400+ — the continual possibility that the system could “fall out” of compliance without oversight — that keeps them up at night.
That is why we built Cloud Patrol.
The State of Security in the Cloud
The vast majority of companies now have a formal policy for requesting cloud services from central IT. This is a good thing in theory, but in practice can be challenging. Recently, Logicworks sat down with a few business unit managers from a mid-market enterprise. They were trying to launch a business-critical project and were actually told by their CIO to “just go around” central IT’s standard cloud procurement process because it would cause long delays.
With the volume of cloud projects increasing, enterprise IT needs to make sure that the process is not so slow and painful that your internal users avoid you. The average IT department fields 10.6 new cloud project requests per month. They let shadow IT happen in “walled off” environments just so they can get stuff done. To some degree, everyone buys into the paradigm that:
Innovation is valuable
Security is a roadblock to innovation
∴ You must sacrifice governance for speed
But is this true? Can security move at the speed of the cloud?
Introducing: Cloud Patrol
There is a movement in the security industry to integrate with agile processes. Some call it DevSecOps, some call it “DevOps done right”, some call it security automation or even software-defined infrastructure security. By whatever name, it describes the effort to build and maintain secure systems more efficiently.
Cloud Patrol is designed with the same purpose. Cloud Patrol is a collection of tools and custom software designed to build systems that are secure-by-design, where configurations are consistent, repeatable, and continually enforced over time. It has two central components:
- Automation Framework: Defines each environment with a repeatable, consistent, well-tested automation process: sets up VPCs, sets security rules, automates the configuration and deployment of instances.
- Scanners: Custom scripts proactively enforce security configurations and alert NOC in case of configuration drift or error.
Cloud Patrol is not a static piece of software. It is a service whereby we strategically help you develop standard configurations, write those configurations into templates and custom scripts, and the enforce those configurations with both scripts and engineers.
We built Cloud Patrol to help enterprise IT departments build secure systems fast and govern those systems efficiently, so that no BU or project is forced to choose agility over security. Enterprises using Cloud Patrol can ensure that every configuration on every server in every environment meets your security and compliance standards, provide visibility into configurations across projects and workloads, and even proactively change misconfigured systems.
The Future of Security in the Cloud
The future of security in the cloud, and the future of cloud management in general, is software-defined infrastructure.
With increasing pressure to deliver more services faster, relying on security teams to (manually) review (and re-review) infrastructure changes is increasingly challenging, if not impossible. Quarterly or annual reviews never worked particularly well in traditional systems, and in cloud systems that change even more frequently, the chance of a vulnerability slipping through the cracks is high.
Software-defined infrastructure is about building and maintaining cloud infrastructure using an orchestration layer that abstracts away actual virtual resource provisioning or upkeep — and this orchestration layer itself is versioned and updated like a piece of software. It was one of Gartner’s 10 Biggest IT trends last year, and done right, this orchestration layer enables both agility and security.
Enterprises should not have to choose between moving fast and moving securely. Automating your infrastructure layer makes both possible.